Check Detail
smartstream.tv · DNS
Passed
Grade A
100.0%
Result Detail
DNS| Host | Type | Answer | TTL |
|---|---|---|---|
| 94.130.97.81 | — |
Result Detail
HEADERAlerts
- Expect-CT: Expect-CT missing
- X-Permitted-Cross-Domain-Policies: Header missing
- Access-Control-Allow-Origin: Access-Control-Allow-Origin missing
- Origin-Agent-Cluster: Header missing
Normalized headers
| date | Tue, 14 Oct 2025 23:30:51 GMT |
|---|---|
| content-type | text/html; charset=utf-8 |
| content-length | 222704 |
| connection | keep-alive |
| vary | Accept-Encoding; RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding |
| x-nextjs-cache | HIT |
| cache-control | s-maxage=60, stale-while-revalidate |
| etag | "fkers5rjr4rf7" |
| content-security-policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; frame-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; media-src 'self' |
| strict-transport-security | max-age=31536000; includeSubDomains |
| permissions-policy | accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), xr-spatial-tracking=() |
| x-content-type-options | nosniff |
| x-frame-options | DENY |
| x-xss-protection | 1; mode=block |
| referrer-policy | no-referrer-when-downgrade |
| cross-origin-embedder-policy | require-corp |
| cross-origin-opener-policy | same-origin |
| cross-origin-resource-policy | same-origin |
Transport
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Strict-Transport-Security | ✅ Passed | max-age=31536000; includeSubDomains | max-age>=15768000; includeSubDomains; preload | HSTS policy robust | Critical | Strict-Transport-Security: max-age=63072000; includeSubDomains; preload |
| Expect-CT | ❌ Missing | enforce; max-age>=86400 | Expect-CT missing | Medium | Expect-CT: enforce, max-age=86400, report-uri="https://report.example.com" |
Content Security
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Content-Security-Policy | ✅ Passed | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; frame-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; media-src 'self' | default-src 'self'; frame-ancestors 'none' | default-src 'self'; frame-ancestors 'none' | Critical | Content-Security-Policy: default-src 'self'; frame-ancestors 'none' |
MIME
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Content-Type-Options | ✅ Passed | nosniff | nosniff | Value matches recommendation | High | X-Content-Type-Options: nosniff |
Framing
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Frame-Options | ✅ Passed | DENY | DENY or SAMEORIGIN | Value accepted | High | X-Frame-Options: DENY |
Privacy
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Referrer-Policy | ✅ Passed | no-referrer-when-downgrade | strict-origin-when-cross-origin / same-origin | strict-origin-when-cross-origin | Medium | Referrer-Policy: strict-origin-when-cross-origin |
Browser Features
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Permissions-Policy | ✅ Passed | accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), xr-spatial-tracking=() | camera=(); geolocation=(); microphone=() | camera=(); geolocation=(); microphone=() | Medium | Permissions-Policy: camera=(), geolocation=(), microphone=() |
Cross-Origin
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Cross-Origin-Opener-Policy | ✅ Passed | same-origin | same-origin | Value matches recommendation | High | Cross-Origin-Opener-Policy: same-origin |
| Cross-Origin-Embedder-Policy | ✅ Passed | require-corp | require-corp | Value matches recommendation | High | Cross-Origin-Embedder-Policy: require-corp |
| Cross-Origin-Resource-Policy | ✅ Passed | same-origin | same-origin | Value matches recommendation | Medium | Cross-Origin-Resource-Policy: same-origin |
| Origin-Agent-Cluster | ❌ Missing | ?1 | Header missing | Low | Origin-Agent-Cluster: ?1 |
Caching
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Cache-Control | ✅ Passed | s-maxage=60, stale-while-revalidate | no-store, private, max-age=0 | no-store, private, max-age=0 | High | Cache-Control: no-store, private, max-age=0 |
Legacy
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Permitted-Cross-Domain-Policies | ❌ Missing | none | Header missing | Low | X-Permitted-Cross-Domain-Policies: none |
CORS
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Access-Control-Allow-Origin | ❌ Missing | Scoped origin (no wildcard) | Access-Control-Allow-Origin missing | Medium | Access-Control-Allow-Origin: https://app.example.com |
Information Disclosure
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Server | ✅ Passed | Header removed or generic | Header not exposed | High | Remove Server header or set to a generic token | |
| X-Powered-By | ✅ Passed | Header removed | Header not exposed | High | Remove X-Powered-By header | |
| X-AspNet-Version | ✅ Passed | Header removed | Header not exposed | Medium | Remove framework version headers |
Raw headers
HTTP/1.1 200 OK Date: Tue, 14 Oct 2025 23:30:51 GMT Content-Type: text/html; charset=utf-8 Content-Length: 222704 Connection: keep-alive Vary: Accept-Encoding Vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding x-nextjs-cache: HIT Cache-Control: s-maxage=60, stale-while-revalidate ETag: "fkers5rjr4rf7" Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; frame-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; media-src 'self' Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), xr-spatial-tracking=() X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block Referrer-Policy: no-referrer-when-downgrade Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin
Result Detail
SSL| Check name | Status | Value |
|---|---|---|
| certificate chain is complete | ✅ Passed | 3 |
| root CA is trusted | ✅ Passed | Trusted |
| cert valid for | ✅ Passed | 54 |
| chain certs are valid until | ✅ Passed | 07.12.2025 |
| CN matches Domainname | ✅ Passed | smartstream.tv |
| certificate subject | ✅ Passed | CN=smartstream.tv |
| certificate issuer | ✅ Passed | C=US, O=Let's Encrypt, CN=E7 |
| signature algorithm | ✅ Passed | ecdsa-with-SHA384 |
| TLS protocol | ✅ Passed | TLSv1.3 TLS_AES_256_GCM_SHA384 |
| Subject Alternative Names | ✅ Passed | smartstream.tv |
| Public Key | ✅ Passed | EC 256 |
Certificate chain
| # | Common name | Issuer | Valid until | CA |
|---|---|---|---|---|
| 0 | smartstream.tv | C=US, O=Let's Encrypt, CN=E7 | 07.12.2025 14:25:02 | No |
| 1 | smartstream.tv | C=US, O=Let's Encrypt, CN=E7 | 07.12.2025 14:25:02 | No |
| 2 | E7 | C=US, O=Internet Security Research Group, CN=ISRG Root X1 | 13.03.2027 00:59:59 | Yes |
TLS details
| Negotiated protocol | TLSv1.3 |
|---|---|
| Cipher suite | TLS_AES_256_GCM_SHA384 (256 bit) |
| Cipher version | TLSv1.3 |
| Perfect Forward Secrecy | Attention |
| Earliest chain expiry | 07.12.2025 14:25 |
Fingerprints
| SHA-256 | FC:06:DD:A6:4C:EF:64:05:72:4A:CC:37:BE:C6:B9:54:57:8B:99:E0:05:F1:D3:49:93:C0:82:62:13:99:22:75 |
|---|---|
| SHA-1 | A6:28:3F:FA:F6:EA:71:A9:74:C5:22:48:06:A7:AA:6F:90:2E:19:90 |
Revocation
OCSP URLs
—
CRL URLs
Full Name:
URI:http://e7.c.lencr.org/13.crl
Issuer URLs (AIA)
http://e7.i.lencr.org/
OCSP Must-Staple
No
Trust evaluation
Attempted: Yes
Trusted: Yes
OpenSSL diagnostic command
openssl s_client -connect smartstream.tv:443 -servername smartstream.tv
Result Detail
WAFSign up to use!
Ownership verification required
Real WAF results become available after signing up. Until then we show you a small teaser from the imagination department.
- Shield level Mythisch
- Watchers Gremlins im Standby
- Last attack Story folgt nach Registrierung